2.2. Noutăți în distribuție

This new release of Debian again comes with a lot more software than its
predecessor jessie; the distribution includes over 15346
new packages, for a total of over 51687 packages. Most of the
software in the distribution has been updated: over 29859
software packages (this is 57% of all packages in
jessie). Also, a significant number of packages (over
6739, 13% of the packages in
jessie) have for various reasons been removed from the
distribution. You will not see any updates for these packages and they will
be marked as "obsolete" in package management front-ends; see Secțiune 4.8, „Pachete învechite”.

Debian again ships with several desktop applications and environments.
Among others it now includes the desktop environments
GNOME 3.22, KDE
Plasma 5.8,
LXDE,
LXQt 0.11,
MATE 1.16, and
Xfce 4.12.

2.2.1. CDs, DVDs, and BDs

The official Debian distribution now ships on 12 to 14 binary
DVDs
(depending on the architecture) and 12 source
DVDs. Additionally, there is a
multi-archDVD, with a subset of the
release for the amd64 and i386
architectures, along with the source code. Debian is also released as
Blu-ray
(BD) and dual layer Blu-ray (DLBD) images for the
amd64 and i386 architectures, and also
for source code. Debian used to be released as a very large set of
CDs for each architecture, but with the stretch
release these have been dropped.

2.2.2. Security

For the stretch release, the Debian version of the GNU GCC 6 compiler now
defaults to compiling "position independent executables" (PIE). Accordingly
the vast majority of all executables will now support address
space layout randomization (ASLR), which is a mitigation for a
number of exploits that are now probabilistic rather than deterministic.

2.2.3. GCC versions

Debian stretch includes only version 6 of the GNU GCC compiler, which may
impact users expecting version 4.x or 5.x to be available. See the GCC5 and GCC6 wiki pages for more
information about the transition.

2.2.4. MariaDB replaces MySQL

MariaDB is now the default MySQL variant in Debian, at version 10.1. The
stretch release introduces a new mechanism for switching the default
variant, using metapackages created from the mysql-defaults source package. For example,
installing the metapackage default-mysql-server will install mariadb-server-10.1. Users who had mysql-server-5.5 or mysql-server-5.6 will have it removed and
replaced by the MariaDB equivalent. Similarly, installing default-mysql-client will install mariadb-client-10.1.

Important

Note that the database binary data file formats are not backwards
compatible, so once you have upgraded to MariaDB 10.1 you will not be able
to switch back to any previous version of MariaDB or MySQL unless you have a
proper database dump. Therefore, before upgrading, please make backups of
all important databases with an appropriate tool such as
mysqldump.

The virtual-mysql-* and default-mysql-* packages will continue to
exist. MySQL continues to be maintained in Debian, in the
unstable release. See the Debian MySQL Team wiki
page for current information about the mysql-related software
available in Debian.

2.2.5. Improvements to APT and archive layouts

The apt package manager has seen a
number of improvements since jessie. Most of these apply to aptitude as well. Following are selected
highlights of some of these.

The APT-based package managers have also gotten a number of improvements
that will remove the annoying „hash sum mismatch” warning that
occurs when running apt during a mirror synchronization. This happens via
the new by-hash layout, which enables APT to download
metadata files by their content hash.

If you use third-party repositories, you may still experience these
intermittent issues, if the vendor does not provide the
by-hash layout. Please recommend them to adopt this
layout change. A very short technical description is available in the
Repository
format description.

While this may be mostly interesting for mirror administrators, APT in
stretch can use DNS (SRV) records to locate an HTTP backend. This is useful
for providing a simple DNS name and then managing backends via DNS rather
than using a „redirector” service. This feature is also used
by the new Debian mirror described in Secțiune 2.2.6, „New deb.debian.org mirror”.

This service relies on the new DNS support in APT, but will fall back to a
regular redirect for HTTPS access or older versions of APT. More details
are provided on deb.debian.org.

Thanks to Fastly and Amazon CloudFront for sponsoring the CDN backends
behind this service.

2.2.7. Move to "Modern" GnuPG

The stretch release is the first version of Debian to feature the
„modern” branch of GnuPG in the gnupg package. This brings with it elliptic
curve cryptography, better defaults, a more modular architecture, and
improved smartcard support. The modern branch also explicitly does not
support some older, known-broken formats (like PGPv3). See
/usr/share/doc/gnupg/README.Debian for more
information.

We will continue to supply the „classic” branch of GnuPG as
gnupg1 for people who need it, but
it is now deprecated.

2.2.8. A new archive for debug symbols

Notă

This section is mostly interesting for developers or if you wish to attach a
full stack trace to a crash report.

Previously, the main Debian archive would include packages containing debug
symbols for selected libraries or programs. With stretch, most of these
have been moved to a separate archive called the
debian-debug archive. This archive contains the debug
symbol packages for the vast majority of all packages provided by Debian.

If you want to fetch such debug packages, please include the following in
your APT sources:

Once enabled, you can now fetch debug symbols for the package in question by
installing pkg-dbgsym. Please
note that individual packages may still provide a pkg-dbg package in
the main archive instead of the new dbgsym.

2.2.9. New method for naming network interfaces

The installer and newly installed systems will use a new standard naming
scheme for network interfaces instead of eth0,
eth1, etc. The old naming method suffered from
enumeration race conditions that made it possible for interface names to
change unexpectedly and is incompatible with mounting the root filesystem
read-only. The new enumeration method relies on more sources of
information, to produce a more repeatable outcome. It uses the firmware/BIOS
provided index numbers and then tries PCI card slot numbers, producing names
like ens0 or enp1s1 (ethernet) or
wlp3s0 (wlan). USB devices, which can be added to the
system at any time, will have names based upon their ethernet MAC addresses.

This change does not apply to upgrades of jessie systems; the naming will
continue to be enforced by
/etc/udev/rules.d/70-persistent-net.rules. For more
information, see /usr/share/doc/udev/README.Debian.gz
or the
upstream documentation.

2.2.10. News from Debian Med Blend

Besides several new packages and updates for software targeting life
sciences and medicine, the Debian Med team has again put a focus on the
quality of the provided packages. In a GSoC project and an Outreachy
project, two students worked hard to add Continuous Integration support to
the packages with the highest popularity-contest usage statistics. The
latest Debian Med sprint in Bucharest also concentrated on package testing.

To install packages maintained by the Debian Med team, install the
metapackages named med-*, which are at version 3.0.1 for Debian stretch.
Feel free to visit the Debian Med tasks pages to
see the full range of biological and medical software available in Debian.

2.2.11. The Xorg server no longer requires root

In the stretch version of Xorg, it is possible to run the Xorg server as a
regular user rather than as root. This reduces the risk of privilege
escalation via bugs in the X server. However, it has some requirements for
working:

It needs logind and libpam-systemd.

The system needs to support Kernel Mode Setting (KMS).
Therefore, it may not work in some virtualization environments
(e.g. virtualbox) or if the kernel has no driver that supports your graphics
card.

It needs to run on the virtual console it was started from.

Only the gdm3 display manager
supports running X as a non-privileged user in stretch. Other display
managers will always run X as root. Alternatively, you can also start X
manually as a non-root user on a virtual terminal via
startx.

When run as a regular user, the Xorg log will be available from
~/.local/share/xorg/.